Information Analysis Center


Defending Against C2W and IW Attack


Editor's Note: This article is part of a continuing series that highlights current Information Assurance (IA) initiatives within the Department of Defense. The Joint Command and Control Warfare Center (JC2WC) is located at Kelly Air Force Base (AFB) in San Antonio, Texas.

by Colonel Charles C. South, USAF
Deputy Director for Protect/Defense, Joint Command and Control Warfare Center

The mission of the Joint Command and Control Warfare Center (JC2WC) is to "provide direct Command and Control Warfare support to operational commanders"1 and serve as the principal field agency within the Department of Defense (DoD) for non-Service-specific C2W support. The JC2WC executes its mission through its directorates of Operations (OP), Protect/Defense (PD), Operations Support and Technical Integration (OT), Systems Integration (SI), the Office of Plans and Programs (XR), and the Special Technical Operations (STO) Division. The focus of the Protect/Defense Directorate is to assist the combatant commanders in the development of strategies to defend against C2W and Information Warfare (IW) attacks.

The Directorate's original concept was that of "Red Teaming" or exploiting information operations and related information technologies to raise the awareness of CINCs and OSD program managers to information related vulnerabilities. However, as concepts and doctrine for IW and Information Operations (IO) developed, we realized that
The U.S. Army War College, Center for Strategic Leadership, hosted an Information Assurance Seminar Game that examined the emerging roles of the public and private sectors in protecting our critical information infrastructures from Information Warfare attacks. The Seminar Game was held 3-5 February 1998 at the Center for Strategic Leadership (CSL), Carlisle Barracks, Pennsylvania and was jointly sponsored by the CSL, Booz-Allen & Hamilton, and the National Computer Security Association. Seminar Game participants were composed of industry and government experts whose views influence national information assurance policy and direction. The Seminar Game provided participants with a unique opportunity to interact on matters of increasing concern to all, and resulted in a more balanced view of information warfare and its threat to our nation's critical infrastructure, private and public.

Presentations by recognized national security experts were provided to help participants define the threat, assess vulnerabilities and consider ways to estimate damages in the wake of an information infrastructure attack. Participants investigated ways to detect and disclose infrastructure attacks while addressing an appropriate process for response and recovery. The seminar also considered the national response to a strategic information attack.

Results of the game will be distributed to participants, key government offices, and selected agencies for publication. Further details can be obtained by contacting one of the following:

U.S. Army War College
Mr. Robert F. Minehart, Jr. (717) 245-4472

International Computer Security Association
Mr. Fred Tompkins (717) 241-3241

Booz-Allen & Hamilton, Inc.
Mr. Albert J. Ross (410) 684-6635


The Information Assurance Technology Newsletter is published quarterly by the Information Assurance Technology Analysis Center (IATAC). The third issue continues the focus on current information assurance initiatives underway within the Department of Defense. In addition, an overview of the IA Tools Database is provided that highlights the current collection of Intrusion Detection Tools.

IATAC, a DoD-Sponsored Information Analysis Center (IAC), is administratively managed by the Defense Technical Information Center (DTIC) under the DoD IAC Program. Inquiries about IATAC capabilities, products and services may be addressed to:

Robert Thompson
Assoc. Director, IATAC

We welcome your input. To submit your related articles, photos, notices, feature programs or ideas for future issues, please contact:

IATAC
ATTN: C. Wright
8283 Greensboro Dr.
Allen 663-D
McLean, VA 22102
Phone 703-902-3177
Fax 703-902-3425
STU-III 703-902-5869
STU-III Fax 902-3991
E-mail: iatac@dtic.mil
Internet: www.iatac.dtic.mil
Intelink-S: http://204.36.65.5/index.html
Intelink: http://www.web1.rome.ic.gov/iatac
IO vulnerabilities should be addressed in the larger context of IW and IO. That is, since command and control (C2) is a subset of IW, we need to protect information with C2 application and value, regardless of whether or not it resides in a C2 system. In addition, we need to address those IO objectives and tasks associated with peacetime defense.

Accordingly, the Protect/Defense Directorate's mission is evolving from (C2) Protect and (IW) Defense to Defensive IO. In this context, we are orienting our mission to the new definitions prescribed by DODD S-3600.1 (Information Operations), CJCSI 3210.1 (Joint Information Warfare Policy), CJCSI 6510.01A (Defensive IW Implementation), and Draft Joint Pub 3-13 (Joint Doctrine for Information Operations). DODD S-3600 provides that "DoD information systems critical to the transmission and use of minimum-essential information for command and control of forces shall be designed, employed, and exercised in a manner that minimizes or prevents exploitation, degradation, or denial of service from a multiple variety of attacks to include computer network attack." Draft Joint Pub 3-13 refers to the following related defensive IO areas: information assurance, physical security, OPSEC, counter-deception, counter-PSYOP, counter intelligence (CI), electronic protect, and special information operations. The Defense IO mission also involves responses to IW attacks that may be either defensive or offensive in nature and may involve interface with law enforcement agencies.

As you can see, Defensive IO is a relatively broad mission. It is also a dynamic one: as IW and IO concepts and doctrine evolve, so does our mission, and we continue to examine processes that best support the combatant commanders in the areas listed above. Since this is a new mission area for the JC2WC, we continue to seek out the best training available in these areas to enable us to provide the requisite expertise as a "center of excellence." To accomplish this mission, the Directorate has established three functional area teams (see Figure 1 below) to respond to our evolving defensive IO mission. These
Raise Awareness of Significant IO Vulnerabilities
Develop Joint Defensive IO Strategies
Ensure the Best Possible IO Technologies for the Warfighter

Figure 1. Protect/Defense Functional Areas


Course Objective:

The purpose of this full-day tutorial is to provide attendees an accurate depiction of the role penetration testing plays in analyzing a system's overall security posture. The tutorial is designed to provide a thorough understanding of penetration testing concepts, terminology, approaches and techniques that can be applied to all system and network configurations.

This course is NOT intended to teach specific system vulnerabilities or how to exploit them, but will provide information on publicly available sources and tools that are commonly used by hackers. During this course attendees will learn how penetration testing fits into life-cycle system/network security and how it can complement other commonly performed security activities such as risk analysis and security test and evaluation. Attendees will also learn the limitations to penetration testing and that it is not a comprehensive analysis of a system's security.

At the completion of this tutorial, attendees should have a better understanding of what penetration testing is and is not, how it can be beneficial to organizations, and restrictions imposed when performed by professional consultants within legal boundaries. Attendees will have obtained the basic foundation necessary for building a penetration testing capability and performing penetration tests.

The tutorial will be held as Government-Only (see registration form on page 8) at the Booz Allen & Hamilton McLean Campus, 8283 Greensboro Drive. A registration fee of $225.00 is required and due by May 18, 1998. A $50.00 late fee will be applied for all registrations received after May 18, 1998 and for payment at the door.

For more information concerning the tutorial, please contact Christina Wright at 703-902-3176/3177 or via e-mail at iatac@dtic.mil.

[Course outline graphic: Penetration Testing. Instructor: Debra Banning. Legible items: "Introduction to Penetration Testing"; "3. Building Penetration".]

ABOUT THE INSTRUCTOR

Debra Banning is a Senior Associate at Booz Allen & Hamilton specializing in security/risk assessments and penetration testing. Ms. Banning has been planning, performing and leading penetration exercises for government and commercial clients for 13 years. She recently presented the Penetration Tutorial on which this workshop is based at the 13th Annual Computer Security Applications Conference sponsored by the IEEE Computer Society.


INFORMATION ASSURANCE TOOLS DATABASE: INTRUSION DETECTION TOOLS

The IATAC Information Assurance Tools Database hosts information on intrusion detection, vulnerability analysis, firewalls, and anti-virus applications. A brief summary of Intrusion Detection Tools is provided on these two pages. For more information, see IATAC Products on page 6.

Title | Attributes | Description
ADS | attack detection | Attack detection system for secure computer systems
AID | audit-based, misuse detection | Distributed intrusion detection system that consists of agents on the monitored hosts and a central monitoring station with an expert system
ALVA | anomaly detection, audit-based | Real-time tool for detecting potential security violations in UNIX audit logs. The system gains some level of platform independence by analyzing command logs that are pre-computed from the system audit logs.
Argus | audit-based, system monitoring | Generic IP network transaction auditing tool for UNIX
ARPMon | system monitoring | Maps IP addresses to physical network or hardware addresses to monitor the usage of IP addresses on a network
ARPWATCH | system monitoring | Aims to protect against address spoofing by monitoring Ethernet activity and maintaining a database of Ethernet/IP address pairings
ASAX | audit-based, misuse detection | Distributed audit trail analysis system that also has incorporated configuration analysis
ASIM | anomaly detection | Air Force project designed to measure the level of unauthorized activity against its systems
CMDS | anomaly detection, audit-based, expert system, misuse detection | Real-time audit reduction and analysis to detect and deter computer misuse
Courtney | system monitoring | Monitors the network and identifies the source machines of SATAN probes/attacks
CyberCop | anomaly detection, misuse detection, system monitoring | Real-time security solution that issues alarms when attacks are identified, recognizes networked elements under attack, logs the activity, and captures evidence of the intrusion
EMERALD | anomaly detection, system monitoring | Distributed scalable tool suite for tracking malicious activity through and across large networks and introduces a highly distributed, building-block approach to network surveillance, attack isolation, and automated response
Gabriel | system monitoring | SATAN detector available for Sun platforms, written entirely in C and comes pre-built
GrIDS | anomaly detection | Uses graph-based language for analyzing network connection activity in a LAN-MAN sized system to detect large-scale automated attacks on networked systems
IDES | anomaly detection, expert system, misuse detection, system monitoring | Real-time intrusion-detection expert system that observes user behavior on a monitored computer system and adaptively learns what is normal for individual users, groups, remote hosts, and the overall system behavior
IDIOT | misuse detection | Based on complexity of matching and temporal characteristics
Ifstatus | anomaly detection | Checks network interfaces for promiscuous or debug mode in an attempt to determine if a sniffer is being run
Internet Scanner Toolset | anomaly detection | Performs scheduled and selective probes of a network's communication services, operating systems, key applications, and routers in search of those vulnerabilities most often used by individuals to probe, investigate, and attack
INTOUCH INSA | anomaly detection, keystroke surveillance, misuse detection | Scans all network-based user activity, regardless of the computer manufacturer or operating system being used, utilizing keystroke-level surveillance
ITA | anomaly detection, audit-based, misuse detection | Detects intruders or abuse by analyzing audit data from the operating systems it supports utilizing a rules engine
Kane Security Monitor | misuse detection, system monitoring | Provides network security monitoring using artificial intelligence, and identifies internal and external violations
md5check | file integrity | Compares the MD5 checksums of several critical SunOS 4.x system files to a database
NADIR | anomaly detection | Rules-based expert system to automatically detect intrusion attempts and other network security anomalies
NETMAN | system monitoring | Package of network monitoring and visualization tools for monitoring and displaying network communications
NetRanger | anomaly detection, misuse detection, system monitoring | Analyzes the data traffic for content and context while searching for signatures indicative of hacking attacks or other security violations
NID | anomaly detection, misuse detection | Detects, analyzes, and gathers evidence of intrusive behavior on Ethernet and FDDI networks using the Internet protocol
NIDES | anomaly detection, expert system, misuse detection, system monitoring | Real-time monitoring of user activity on multiple target systems connected via Ethernet, rule-base employs expert rules to characterize known intrusive activity represented in activity logs, and raises alarms
NOCOL | system monitoring | Monitors network and system variables, such as ICMP or RPC reachability, RMON variables, nameservers, Ethernet load, port reachability, host performance, SNMP traps, modem line usage, Appletalk and Novell routes/services, BGP peers
Noshell | system monitoring | Provides the system administrator with additional information about who is logging into disabled accounts
NSM | system monitoring | Network-based network traffic monitor
POLYCENTER | misuse detection, system monitoring | Knowledge-based analysis of audit data to recognize and respond to simple security-relevant events
RealSecure | system monitoring | Real-time, automated attack recognition and response system that rests on the network, monitoring the network traffic stream looking for attacks and unauthorized access attempts
SecureNet Pro | keyword-level surveillance, system monitoring | Combines several key technologies, including session monitoring, firewalling, hijacking, and keyword-based intrusion detection
Stake Out | anomaly detection, misuse detection, system monitoring | Monitors network traffic and detects intrusive or suspicious activity as it occurs
Stalker | misuse detection | Identifies intruders and internal misuse by analyzing audit trail data and reporting on suspicious user and system activities
Swatch | misuse detection, system monitoring | Monitors events on a large number of systems and modifies certain programs to enhance their logging capabilities and software to then monitor the system logs
Tripwire | file integrity | Compares a designated set of files and directories to information stored in a previously generated database
T-sight | system monitoring | Visualizes traffic and data transiting a network, evaluates risks of certain transactions, and displays connection/transaction data that can either be logged or viewed during real-time monitoring
UNICORN | audit-based | Accepts audit logs from Unicos (Cray UNIX), Kerberos, and a common file system, then analyzes them and attempts to detect intruders in real time
USTAT | misuse detection, state transition analysis | Makes use of the audit trails that are collected by the C2 Basic Security Module of SunOS and keeps track of only those critical actions that must occur for the successful completion of the penetration
Watch Dog | system monitoring | Monitors and manages the SunOS audit trail produced by the system's C2 security features and responds in real time to events that appear, and stores the audit trail
WebStalker Pro | misuse detection | Controls access to Web content files, and can watch all Web and non-Web accesses, all processes, and all changes to Web and other files; notifies in real time through SNMP, pager, or e-mail when anything suspicious occurs
X Connection Monitor | system monitoring | Monitors X connections by using RFC931 to display user names, when the client host supports RFC931, and allows the user to freeze and unfreeze connections, or kill them, independent of the client and independent of the server
Intrusion Detection

For more information on IATAC products & reports, contact Alethia Tucker at 703-902-3177.
This unclassified report describes the models, simulations and tools being used or developed by selected organizations that are chartered with the Information Assurance mission. Data collection efforts focused on the current definitions of Information Operations, Information Warfare, and Information Assurance as described in DoD Directives S-3600.1, "Information Operations," and Chairman, Joint Chiefs of Staff Instruction 6510.1A, "Defensive Information Warfare Policy." In addition, the definitions prescribed by DMSO for model and simulation were used to determine what entities should be included in this IA models, simulations and tools report.

This Information Assurance Tools Report provides an index of intrusion detection tool descriptions contained in the IATAC Information Assurance (IA) Tools Database. The IA Tools Database hosts information on intrusion detection, vulnerability analysis, firewalls, and anti-virus software applications. Information was obtained via open source methods, including direct interface with various agencies, organizations, and vendors. Research for this report identified 43 intrusion detection tools currently employed and available. Tool information includes title, author, source, contact information and tool abstract.
Malicious Code Detection SOAR

This IATAC State-Of-The-Art Report (SOAR) addresses Malicious Software Detection. Included within the report is a taxonomy for malicious software to provide the audience with a better understanding of commercial malicious software. An overview of the current state-of-the-art commercial malicious software detection products and initiatives, as well as future trends is presented. The same is then done for current state-of-the-art in regards to DoD malicious software detection. Lastly, the report presents observations and assertions to support the DoD as it grapples with this problem entering the 21st century. This report is classified and has a limited release.


Secure STINET's Customization

The Dynamic Secure STINET Service now has added the following:

Secure STINET's Customization provides the power to create and modify your own personalized web page. See what has changed in STINET by filtering out what is old and concentrating on what is new ... set up a personal profile based on subject fields and groups and automatically receive citations via e-mail to the latest accessions in DTIC's Technical Report collection twice a month ... save search queries for both the Technical Report and Work Unit Information System collections for reuse.

Abstracts are now included with citations to unclassified/limited documents in the Technical Reports Bibliographic Database. Viewing abstracts is based on individual user profile access restrictions. If your profile does not permit you to view a particular citation's abstract, you will be allowed to view the rest of the citation, minus the abstract.

Over 3,000 full-text technical reports are now available for viewing and downloading. Special Collections highlights reports found in DTIC's Technical Reports collection based on the source, topic, or targeted group. In addition to setting up your own search parameters, you can search using preestablished profiles developed by retrieval experts.

The Partnership for Peace Information Management System (PIMS) is designed to enhance the education of U.S. Service school students. Topic searches developed by DTIC for the PIMS community provide information ranging from air traffic control management to public affairs. PIMS also offers students the ability to construct custom searches for information not covered in the topic searches.

The subscription for the Secure STINET Service access via a web client is $50 per year/per subscriber. To subscribe to Secure STINET Service, contact DTIC's Registration Branch:

Telephone: (703) 767-8272
DSN 427-8272
Toll Free: 800-225-3842 (menu selection 2, option 2, sub-option 2)
Fax: (703) 767-8228
DSN 427-8228
E-mail: reghelp@dtic.mil

Questions concerning this product may be directed to the Product Management Branch, DTIC-BCP, 800-225-3842 (menu selection 2, option 3), 703-767-8267, or DSN 427-8267.


Defending....

Continued from page 2

functional teams are entitled Combat Support, Advanced Technology, and Field Support. Since the directorate is relatively small, with only 17 people, we leverage IO "opposition force" and analytical capabilities of other national agencies, service IW activities, and contractors.

The Protect/Defense Directorate supports six to eight CINC-sponsored exercises each year. The Combat Support Team provides direct defensive IO support to the combatant commander and serves as the joint coordination focal point for vulnerability assessment (i.e., exercise CONOP), IW Red Team scenario development, external agency coordination, defensive IO awareness training (as requested), Red Team scenario execution, and After-Action-Reporting.

The JC2WC has been asked by OSD to perform vulnerability assessments in support of the Advanced Concept Technology Demonstration (ACTD) program. During FY97, the Advanced Technology Team provided vulnerability assessment support for the following ACTDs: Rapid Terrain Visualization, Counter Proliferation, Air Base/Port Bio Detection, Combat ID, Battlefield Awareness and Data Dissemination, Joint Countermine, Rapid Force Projection Initiative, and Precision SIGINT Targeting System. ACTDs tentatively planned for evaluation in FY98 include Navigation Warfare, Joint Logistics, Military Ops in Urban Terrain, Extended Littoral Battlespace, Chemical Add-on (to Air Base/Port Bio Detection), and Unattended Ground Sensor. Vulnerability assessment support provides critical insight into system design and allows OSD and the Services to correct deficiencies before production and fielding of a system. As such, CINC users are made aware of the limitations associated with a system before depending on the information in an operational environment. Other FY98 approved ACTDs are still under review for assessment.

The Field Support Team functions as a self-sustaining, deployable "IW Red Team" that supports the Combat Support and Advanced Technology teams. Field Support Team deployable capabilities include HF/VHF/UHF/EHF, Signal Intercept and DF, Radar/IR Detection, and RF Jamming. Instrumentation assets include GPS, oscilloscopes, pulse analyzer, and spectrum analyzer. In addition, Field Support Team assets include shelters, generators, and cargo trucks.

As the IO environment becomes more complex, and the Defense Information Infrastructure more integrated with the National and Global Information Infrastructures, defensive IO measures also become more important and more difficult to assure. In any case, we will continue to leverage heavily off of the resources and capabilities of National agencies such as National Security Agency (NSA) and the Services' IW Centers/Activities in providing defensive IO support to the combatant commanders. The JC2WC will continue to strive to be the acknowledged IO leader, responsive to the CINCs, for integrating information operations into the overall military campaign plan.

1 CJCSI 5118.01, Charter for the Joint Command and Control Warfare Center, 15 September 1994.


Conferences & Symposia

Fiesta Informacion '98
Convention Center, San Antonio, TX
"The Virtual Enterprise in the 21st Century"
For information call 800-564-4220
14-16 Apr 98

10th Ann. Software Technology Conference
Salt Palace Convention Ctr, Salt Lake City, UT
"Knowledge-Sharing: Global Information Networks."
http://www.stc98.org
19-24 Apr 98

USPACOM Information Assurance Conference
Honolulu, HI
POC: SFC Huff 808-477-1046
e-mail: huffsdOO@hq.pacom.mil
28-30 Apr 98

Introduction to Information Operations
TS/SCI clearance, O-3 through O-6 and equivalents. Bolling AFB, DC.
POC: Mr. Doug Dearth
703-780-2584
e-mail: dhdearth@aol.com
4-8 May 98

Penetration Testing Course
This course is Government Only. Booz-Allen & Hamilton McLean Campus. See page 3 for complete description. http://www.iatac.dtic.mil
4 Jun 98
Fee: $225.00
Registration form on back of newsletter.

IBW9xxx: Intermediate Information Operations/Warfare (IBW)
5 days, SECRET clearance required, O-4 through O-6 and equivalents, School of Information Warfare and Strategy, National Defense University, Fort McNair, DC
POC: Dr. Fred Giessler, 202-685-2209
IBW9804 13-17 Jul 98
IBW9901 12-23 Oct 98
Penetration Testing
COURSE REGISTRATION
June 4, McLean VA
(Government Only)

Title _
Attendee Name _
Organization (Govt or Military) _
Organization Address _
City/State/Zip _
Phone _
Fax _
DSN _
E-mail _

Fee $225.00 (Add $50.00 after 18 May 1998)
□ Check enclosed for $ _

Attach payment and mail by 18 May 98 to:
IATAC, 8283 Greensboro Drive, Allen 663-D
McLean, VA 22102-3838

Distribution & Information
U.S. Distribution Only

□ Change □ Add
□ Send IATAC Technical Area Task Info (Govt Only)

Name _
Title _
Company/Org. _
Address _
Phone _
E-mail _
Fax _

Organization (check one):
□ USA □ USN □ USAF □ USMC □ OSD
□ Contractor


Information  Assurance 
Technology  Analysis  Center 
8283  Greensboro  Drive,  Allen  663 
McLean,  VA  22102-3838 


